CVE-2025-7869 | Portabilis i-Educar 2.9.0 Turma Module educar_turma_tipo_det.php?cod_turma_tipo=ID nm_tipo cross site scripting

A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.9.0. Affected by this issue is some unknown functionality of the file intranet/educar_turma_tipo_det.php?cod_turma_tipo=ID of the component Turma Module. The manipulation of the argument nm_tipo leads to cross site scripting.

This vulnerability is handled as CVE-2025-7869. The attack may be launched remotely. Furthermore, there is an exploit available.

The vendor was contacted early about this disclosure but did not respond in any way.

CVE-2025-7869 | Portabilis i-Educar 2.9.0 Turma Module educar_turma_tipo_det.php?cod_turma_tipo=ID nm_tipo cross site scripting

Post correlati

CVE-2024-29645 | radare2 5.8.8 parse_die buffer overflow

CVE-2024-5087 | Minimal Coming Soon Plugin up to 2.38 on WordPress Setting authorization

CVE-2024-34093 | Archer Platform prior 2024.03 Header X-Forwarded-For access control

CVE-2025-50096 | Oracle MySQL Server up to 8.0.42/8.4.5/9.3.0 InnoDB improper authorization